Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
2
Replies

Internal mail-threat-detection

Shibu1978
Level 1
Level 1

‎02-05-2013 06:15 AM - edited ‎03-11-2019 05:56 PM

Dear All,

We had one strange issue which was resolved by configuring  "no threat-detection statistics tcp-intercept" from threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200.

Issue

===

We were not able to access our mail server internally( Zone created in local DNS-(10.10.2.10))  when external nat & access-list configured on the same IP. ( https://mail.company.net).   When we remove the external static nat and access-list we can access mail server internally.

name 10.10.2.23 CASServer2

access-list outside_access_in extended permit tcp any host 94.*.*.170 eq https

static (INSIDE,OUTSIDE) 94.*.*.170 CASServer2 netmask 255.255.255.255

We have Cisco ASA 5520 8.2(5).  Could someone please get me an idea how did resolve by disabling the command above.

Thanks for your inputs.


Labels:
0 Helpful
2 Replies 2

Shibu1978
Level 1
Level 1

‎02-05-2013 06:54 AM

Could someone please throw some light on this.

0 Helpful

James Leinweber
Level 4
Level 4
In response to Shibu1978

‎02-05-2013 08:22 AM

I'm not sure if I understand your question.  My own experience is that if I want both internal and external NAT access to a particular server, I have to give it two different IP addresses.  I haven't run packet-tracer to see what the underlying issue is yet.

-- Jim Leinweber, WI State Lab of Hygiene

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card